1. Field of the Invention
The present invention relates, in general, to enterprise computing systems and methods, and, more particularly, to a method and system which provides secure client/server interactions in a distributed computing environment.
2. Relevant Background
Computer systems including business systems, entertainment systems, and personal communication systems are increasingly implemented as distributed software systems. These systems are alternatively referred to as "enterprise networks" and "enterprise computing systems". These systems include application code and data that are distributed among a variety of data structures, data processor systems, storage devices and physical locations. They are intended to serve a geographically diverse and mobile set of users. This environment is complicated because system users move about the distributed system, using different software applications to access and process data, different hardware to perform their work, and often different physical locations to work from. These trends create a difficult problem in providing a secure yet consistent environment for the users.
In general, distributed computing systems must scale well. This means that the system architecture desirably adapts to more users, more applications, more data, and more geographical distribution of the users, applications, and data. The cost in money and time to switch over a network architecture that is adapted to a smaller business to one suited for a larger business is often prohibitive.
A conventional computing system uses a client/server model implemented on a local area network (LAN). In such systems powerful server computers (e.g., application servers and file servers) are used to process and access data. The requested data is then transmitted to the client computer for further processing. To scale to larger networks, multiple LANs may be internetworked using, for example, leased data lines to create a wide area network (WAN). The equipment required to implement a WAN is expensive and difficult to administer. Also, as networks become larger to include multiple LANs and multiple servers on each LAN it becomes increasingly difficult to find resources (i.e., files, applications, and users) on any one of the LANs.
Moreover, conventional network solutions do not scale well because as the network becomes larger, it becomes increasingly difficult to identify and locate resources needed by the various network clients. Enterprise networks typically utilize directory and meta-directory services to maintain resources. Directories are data structures that hold information such as mail address book information, printer locations, public key infrastructure (PKI) information, and the like. Because of the range of functions and different needs of driving applications, most organizations end up with many different, disparate directories. Each directory mechanism and each type of information maintained by a directory may require different information from the user in order to operate effectively. For example, a name and address directory may only require the user's ID to verify access permissions for read operations, but may require authentication information, such as a signature, for write/modify operations. As the number and variety of directories increases, it becomes increasingly difficult to manage these varying demands.
Meta-directories are a solution that provides directory integration to unify and centrally manage disparate directories within an enterprise. A meta-directory product is intended to provide seamless integration of the multiple disparate directories. However, because meta-directories involve a wider range of data types than individual directory mechanisms, the difficulty in managing user-specific information required by the individual directories is even more complex. Also, a meta-directory product must be aware of the user information required by each of the data structures that it is supposed to integrate. This required knowledge makes meta-directories difficult to maintain in a computing environment that is rapidly changing. As a result, meta-directory solutions are not sufficiently extensible to account for the wide variety of resources available on a distributed network. In the past, meta-directory technology has not been used to catalog meta-data of sufficiently general nature to meet the needs of a dynamically growing and changing distributed computing environment.
Another complicating influence is that networks are becoming increasingly heterogeneous on many fronts. Network users, software, hardware, and geographic boundaries are continuously changing and becoming more varied. For example, a single computer may have multiple users, each of whom works more efficiently if the computer is configured to meet their needs. Conversely, a single user may access a network using multiple devices such as a workstation, a mobile computer, a handheld computer, or a data appliance such as a cellular phone or the like. A user may, for example, use a full featured e-mail application to access e-mail while working from a workstation but prefer a more compact application to access the same data when using a handheld computer or cellular phone. In each case, the network desirably adapts to the changed conditions with minimal user intervention.
In order to support mobile users, a conventional network had to provide a gateway for remote access. Typically this was provided by a remote access server coupled to a modem. Remote users would dial up the modem, comply with authorization and/or authentication procedures enforced by the server, then gain access to the network. In operation the mobile user's machine becomes like a "dumb terminal" that displays information provided to it over the dial-up connection, but does not itself process data. For example, a word processing program is actually executing on the remote access server, and the remote user's machine merely displays a copy of the graphical user interface to the remote user. A remote user would establish a session, perhaps a secure session if authorization and authentication procedures were used, and all communication after session establishment would be considered authentic. Both the client and server had to maintain state information to track the session state. The reliance on state information and session methodology remains difficult to implement on insecure, "best efforts" type networks such as the Internet. A "best efforts" type network is one in which data packets may be dropped if they are undeliverable. When packets can be lost, state synchronization is interrupted and non-recoverable errors may result in transaction processing.
There is increasing interest in remote access systems that enable a user to access a LAN/WAN using public, generally insecure, "best efforts" type communication channels such as the Internet. Further, there is interest in enabling LANs to be internetworked using public communication channels. This is desirable because the network administrator can provide a single high speed gateway to the Internet rather than a remote server/modem combination for each user and expensive WAN communication lines. The Internet gateway can use leased lines to access the Internet rather than more costly business phone lines. Also, the Internet gateway can be shared among a variety of applications and so the cost is not dedicated solely to providing remote access or wide area networking. The reduction in hardware cost and recurrent phone line charges would be significant if remote users could access the LAN/WAN in this manner.
As used herein, the term "control data" refers to any data associated with a client request that is used to effect the response as distinguished from the actual request or response data. Systems which permit access of their internal network from a remote site through outside unsecured network connections like the Internet greatly increase the risk of an unauthorized network intrusion. A network intruder may potentially read, modify, or destroy sensitive or valuable information. One common method of limiting network access to only trusted remote users is by password authorization. In order to gain access to the internal network, a remote user is required to enter a password corresponding to a login name. Third parties not privy to the login name and password are blocked from accessing the network.
Although password protection offers some amount of network security, it is vulnerable to packet sniffing and hijacking attacks. Packet sniffers are software applications that analyze network packets traveling over a network node. Attackers can use sniffers to read passwords and data transferred across an unsecured network. This information can then be used to gain access into the internal network. Hijacking generally involves taking over a remote network connection after a trusted user has completed the password authorization process. Once a connection is hijacked, the attacker may have access to the internal network with the same privileges of the trusted user.
Another known method of preventing unauthorized remote access into an internal network is by packet filtering. In this method, a screening router only allows internal network access from trusted IP addresses or ports. Network packets received from unknown IP addresses are blocked, denying the unknown client network access. Security systems based on packet filtering techniques are generally susceptible to IP spoofing attacks. In such attacks, intruders create packets with falsified source IP addresses of trusted locations, thereby gaining access to the targeted system disguised as a trusted user. Moreover, such systems limit the network's flexibility in allowing users to access network resources from any available port.
Data encryption may also help defend network systems from intruders. Encryption algorithms generally scramble messages and render them meaningless to anyone who does not have an unscrambling cryptographic key. In a private key encryption system, the same key is used to encrypt and decrypt messages. To communicate using a private key system, both parties must know the key used. Furthermore, the key must be communicated between the parties securely, without third parties finding out what key is used. One drawback of private key systems is that there is a greater likelihood that the private key will fall into the wrong hands as more users require knowledge of the key. Thus, private key encryption systems are generally impractical for networks with a large number of users.
Public key encryption methods employ a two key system, a public key and a private key, to secure messages. Each key has the ability to decrypt the other key's encrypted messages, but cannot be used to decrypt its own encrypted messages. For example, a message encrypted by the public key can only be decrypted by its corresponding private key. Moreover, a message encrypted by the private key can only be decrypted using the public key. To use a public key encryption system, the message recipient passes one key (the public key) to whomever wishes to send it a secure message. The message recipient keeps the other key (the private key) secret and uses it to decrypt the sender's message. Anyone eavesdropping on the conversation between the recipient and sender can only learn the public key, and is therefore unable to decrypt the message.
While a public key encryption system helps conceal and authenticate data transferred across an open network, it is generally difficult to coordinate in advance. Typically, the parties must agree beforehand on the encryption and hashing algorithms to be implemented. The parties must also exchange public and perhaps even private keys before any messages are sent. In addition, applications transferring data between the remote and local hosts must be modified to understand the encryption system used. What is needed is a secure network environment for transferring data and commands over a public network that readily adapts to the changing, heterogeneous needs of a distributed network computing environment.
Briefly stated, the present invention involves a method for accessing server resources by a client communicating control data to a server. The method includes the step of associating a context object with the control data. A recording step records a set of properties identifying the client in the context object, and a creating step creates a request packet from the control data and the context object. A transmitting step transmits the request packet to the server. The context object is passed to at least one method at the server in a passing step, and the context object is used within the method in a using step. An accessing step accesses the server resources by the method.
The using step of the method may further include a step for determining an identity of the client from the context object. This determining step may include a step for authenticating the identity of the client. The accessing step may be based on the identity of the client. The using step may also include determining a client privilege from the context object. In addition, the accessing step may be based on the client privilege.
The method can further include steps for hashing the context object to produce a digest number, and recording the digest number in the context object. The digest number may be encrypted with a client private key in an encrypting step. Likewise, the method may include steps for hashing the control data to produce a digest number, and recording the digest number in the context object. The method may also include a step for encrypting the context object with a server public key.
The present invention also relates to a system for implementing commands over a network. The system includes a server executing a service program and a client connected to the server over the network. A request packet issued by the client to the server includes at least one command request. Additionally, at least one context object is associated with the command request within the request packet. The system includes a plurality of methods associated with the service program which perform the command request based on the context object.
The context object may further include a plurality of methods to record a set of client identifying properties in the context object. For example, the set of identifying properties may include a client entity type, a client entity identification, and a client group identification. Additionally, the context object may include a method for creating a digest number by hashing the client identifying properties, and a method for recording the digest number. A method for encrypting the digest number with a client private key may also be included in the context object.
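The request-packet flow described in the summary, written out as an added Go example (this is not code from the patent). It assumes SHA-256 as the hash, RSA PKCS#1 v1.5 signing as the "encrypt the digest with the client private key" step, its own field names for the client identifying properties, and leaves out the optional step of encrypting the whole context object with the server public key.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// ContextObject: the client-identifying properties the summary names, the digest of the control
// data, and the object's own digest signed with the client private key. Field names are assumed.
type ContextObject struct {
	EntityType, EntityID, GroupID string
	DataDigest                    []byte // SHA-256 of the control data in the same packet
	Signature                     []byte // SHA-256 over the fields above, signed by the client
}

// RequestPacket is what the client transmits: the control data plus its context object.
type RequestPacket struct{ ControlData []byte; Context ContextObject }

// digest covers every field a server decision depends on, so none can be swapped in transit;
// the NUL separators keep the field boundaries unambiguous.
func (c ContextObject) digest() []byte {
	h := sha256.Sum256(bytes.Join([][]byte{[]byte(c.EntityType), []byte(c.EntityID), []byte(c.GroupID), c.DataDigest}, []byte{0}))
	return h[:]
}

// GenKey makes a 2048-bit key pair; in the described system the client key comes from its key store.
func GenKey() *rsa.PrivateKey { k, _ := rsa.GenerateKey(rand.Reader, 2048); return k }

// CreateRequest (client side): record the control-data digest, then sign the context object.
func CreateRequest(control []byte, c ContextObject, clientKey *rsa.PrivateKey) (RequestPacket, error) {
	d := sha256.Sum256(control)
	c.DataDigest = d[:]
	sig, err := rsa.SignPKCS1v15(rand.Reader, clientKey, crypto.SHA256, c.digest())
	if err != nil {
		return RequestPacket{}, err
	}
	c.Signature = sig
	return RequestPacket{ControlData: control, Context: c}, nil
}

// Authenticate (server side, the "using step"): verify that the context object was signed by the
// client it names and that the control data still matches the recorded digest. Only then may a
// method base its access decision on the returned identity and group.
func Authenticate(p RequestPacket, clientPub *rsa.PublicKey) (ContextObject, error) {
	if rsa.VerifyPKCS1v15(clientPub, crypto.SHA256, p.Context.digest(), p.Context.Signature) != nil {
		return ContextObject{}, errors.New("client identity not authenticated")
	}
	if d := sha256.Sum256(p.ControlData); !bytes.Equal(d[:], p.Context.DataDigest) {
		return ContextObject{}, errors.New("control data altered in transit")
	}
	return p.Context, nil
}
```

Because the signed digest includes the control-data digest, a sniffed packet whose control data or group identification is altered fails verification; the signature carries no freshness, so a deployment would additionally bind a nonce or timestamp into the context object to reject replayed packets.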